Disclosure to Promote the Right To Information

Whereas the Parliament of India has set out to provide a practical regime of right to 
information for citizens to secure access to information under the control of public authorities, 
in order to promote transparency and accountability in the working of every public authority, 
and whereas the attached publication of the Bureau of Indian Standards is of particular interest 
to the public, particularly disadvantaged communities and those engaged in the pursuit of 
education and knowledge, the attached public safety standard is made available to promote the 
timely dissemination of this information in an accurate manner to the public. 
NATIONAL FOREWORD

This Indian Standard which is identical with ISO/PAS 17002 : 2004 'Conformity assessment — Confidentiality
— Principles and requirements' issued by the International Organization for Standardization (ISO) was adopted
by the Bureau of Indian Standards on the recommendation of the National Mirror Committee of CASCO and
approval of the Director General, Bureau of Indian Standards under Rule 8(3)C of BIS Rules, 1987.

The text of ISO/PAS Standard has been approved as suitable for publication as an Indian Standard without 
deviations. Certain conventions are, however, not identical to those used in Indian Standards. Attention is 
particularly drawn to the following: 

a) Wherever the words 'International Standard' appear referring to this standard, they should be read as
'Indian Standard'.

b) Comma (,) has been used as a decimal marker while in Indian Standards, the current practice is to 
use a point (.) as the decimal marker. 
Introduction

In 2001 the ISO Council asked its policy committee on conformity assessment (ISO/CASCO) to study and
prepare a group of common elements for application in future ISO documents on conformity assessment. 
Subsequent to this request, ISO/CASCO approved the formation of Working Group 23, Common elements in 
ISO/IEC Standards for conformity assessment activities, to undertake this task. 

The working group has identified several common elements, including among others 

— impartiality, 

— confidentiality, 

— complaints and appeals, 

— management systems. 

This Publicly Available Specification (PAS) addresses the "confidentiality" element that occurs in many of the 
ISO/IEC Guides and International Standards on conformity assessment.

The PAS covers the agreed principles that give substance to the element of confidentiality, and also provides 
requirements clauses intended to be included in future ISO/IEC International Standards on conformity
assessment. 

This PAS is intended to apply to the drafting of documents on conformity assessment by ISO/CASCO. 

Clause 4 (Principles) contains statements that are intended to orientate ISO/CASCO working groups in their 
task of creating requirements to address confidentiality in their documents. 

The requirements to be inserted into future ISO/CASCO documents that cover the common element of 
"confidentiality" are detailed in Clause 5. ISO/CASCO has adopted a common structure for the presentation of 
requirements. Requirements should be grouped under one or more of the following headings: 

a) General requirements; 

b) Structural requirements; 

c) Resource requirements; 

d) Process requirements; 

e) Management system requirements. 

As such, each of the common elements will have requirements related to it grouped under one or more of the 
headings shown above. 

This PAS is not intended to become a future International Standard. At the end of three years after the date of 
publication, it is expected this PAS will be withdrawn and its contents incorporated as appropriate in relevant 
ISO/CASCO normative and guidance documents. 
1 Scope

This Publicly Available Specification (PAS) contains principles and requirements for the element of 
confidentiality as it relates to conformity assessment. 

It is an internal tool for use in the ISO standards development process by ISO/CASCO working groups when 
addressing the element of confidentiality in the preparation of their documents. 

This Publicly Available Specification is not a stand-alone normative document to be used directly in conformity 
assessment activities. 



2 Normative references 

The following referenced documents are indispensable for the application of this document. For dated 
references, only the edition cited applies. For undated references, the latest edition of the referenced 
document (including any amendments) applies. 

ISO/IEC 17000, Conformity assessment — Vocabulary and general principles



3 Terms and definitions 

For the purposes of this document, the terms and definitions given in ISO/IEC 17000 apply. 

NOTE The use of the term "body" in this PAS means either an accreditation body or a conformity assessment body 
as defined in ISO/IEC 17000.



4 Principles of confidentiality 

4.1 To gain access to the information needed to conduct effective conformity assessment activities, the 
body needs to provide confidence that confidential information will not be disclosed. 

4.2 All organizations and individuals have the right to have protected any proprietary information that they 
provide. 

4.3 Managing the balance between confidentiality and public disclosure related requirements affects 
stakeholders' trust and their perception of value in the conformity assessment activities being performed. 

NOTE It is intended that there will be a separate PAS covering the common element of public disclosure. 
5 Requirements for confidentiality

5.1 General 

In developing this PAS it was recognised that there are varying degrees of specificity that ISO/CASCO
working groups should consider. As a result the requirements in this clause are categorized into three levels of 
specificity as follows. 

a) Obligatory: these are specific drafted requirements that shall be used by ISO/CASCO working groups 
where the element has to be addressed, without modification, except for substitution of more specific 
terms. For example, the phrase "Conformity assessment activities shall be undertaken impartially", may 
be substituted more specifically with "Management system certification activities shall be undertaken 
impartially". Justification is required from ISO/CASCO working groups that do not use these requirements 
when dealing with the relevant common element. 

b) Recommended: these are drafted requirements that working groups should use if they wish to have a 
greater degree of specification. Modification is permissible. 

c) Suggested: these are considerations that could be taken into account in the drafting of requirements by 
the ISO/CASCO working group. 

By providing for these different levels of specificity, the PAS achieves the ISO/CASCO intent to have an 
agreed statement on elements that are common to all conformity assessment activities, and at the same time 
maintains some flexibility for specific wording by individual ISO/CASCO working groups. 

5.2 General requirements 

The following requirements are obligatory. 

a) The body shall be responsible, through legally enforceable commitments, for the management of all
information obtained or created during the performance of conformity assessment activities. The body 
shall inform the client, in advance, of the information it intends to place in the public domain. Except for 
information that the client makes publicly available, or when agreed between the body and the client (e.g. 
for the purpose of responding to complaints), all other information is considered proprietary information 
and shall be regarded as confidential. 

b) When the body is required by law or authorized by contractual arrangements to release confidential 
information, the client or individual concerned shall, unless prohibited by law, be notified of the 
information provided. 

c) Information about the client obtained from sources other than the client (e.g. complainant, regulators) 
shall be treated as confidential. 

5.3 Resource requirements 

5.3.1 Obligatory requirements 

Personnel, including any committee members, contractors, personnel of external bodies, or individuals acting 
on the body's behalf, shall keep confidential all information obtained or created during the performance of the 
body's conformity assessment activities, except as required by law. 

5.3.2 Recommended requirements 

The body shall have available and use facilities for the secure handling (e.g. postage, e-mailing, record 
destruction) of confidential information (e.g. documents, records) and objects of conformity assessment (e.g.
product samples).
BIS is a statutory institution established under the Bureau of Indian Standards Act, 1986 to promote
harmonious development of the activities of standardization, marking and quality certification of 
goods and attending to connected matters in the country. 
